China

Image

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in China. The IAPP Resource Center also includes an “Asia” topic page, which can be accessed here.

Subscribe to the IAPP Asia-Pacific Dashboard Digest e-newsletter
Keep up to date with the most important privacy and data protection news from Asia and Australia-New Zealand by subscribing to the Asia-Pacific Dashboard Digest e-newsletter.

Featured Resources

Top-5 Operational Impacts of the PIPL

This 5-part series is written by a host of experts on Chinese law. It explores the most important features of China’s PIPL, from requirements around sensitive personal information, data subject rights, and international data transfers, to the bases for handling data, DPO responsibilities, and enforcement mechanisms and penalties.
Read More

Chinese SCCs: Are you ready?

The Cyberspace Administration of China released the long-awaited Chinese standard contractual clauses. This video discusses what implementing the new SCCs means in practice and where you should be focused now.
Read More

China’s cross-border data transfer guidelines

China’s Measures for Security Assessment of Outward Data Transfer went into effect Sept. 1, and the Cyberspace Administration of China released assessment guidelines for entities to follow regarding conducting security assessments. This article breaks down the guidelines and offers recommendations for companies facing the possibility of noncompliance.
Read More


Latest News and Resources

A look at what's in China's new SCCs

The long-awaited Chinese standard contractual clauses and SCC Regulations were finally released by the Cyberspace Administration of China Feb. 24, effective June 1. This indicates that all three major legal mechanisms under China's Personal Information Protection Law, namely CAC-led security assessment, certification by licensed professional institutions, and Chinese SCCs, are all fully established with the necessary details for implementation. Application scope According to the SCC Regulation... Read More

China’s PIPL takes effect, compliance ‘a challenge’

China’s new Personal Information Protection Law takes effect today, Nov. 1, just over two months after its adoption, with companies seeking to figure out how to best comply and regulators working to answer remaining questions. The Standing Committee of the National People’s Congress passed the law in August to “protect the rights and interests of personal information, regulate personal information processing activities, and promote the rational use of personal information.” The law includes pro... Read More

China cross-border data transfer mechanism and its implications

China’s rise on the global stage has manifested itself in many ways, and it should be no surprise that China has gained prominence in terms of its privacy and security legislation. In recent years, major pieces of legislation have been promulgated: the 2017 Cybersecurity Law, the 2021 Data Security Law and the 2021 Personal Information Protection Law. One common area of interest arising from those three laws, especially for organizations, is how cross-border data transfers will be addressed and... Read More

Will China’s new certification rules be a popular legal path for outbound data transfers?

On Nov. 1, 2021, China’s Personal Information Protection Law took effect and became the first Chinese law dedicated to protecting the personal information rights of individuals. However, due to a lack of implementation regulations and clarity, many companies face a situation where they are unsure how to comply with areas of the PIPL. Nowhere is this more of an issue than with Article 38 of the PIPL, which provides several conditions (or legal paths) that must be met before a cross-border data t... Read More

How China’s draft SCCs compare with EU SCCs
(IAPP, July 2022)
Top 5 operational impacts of China’s PIPL — Part 5: International data transfers
(IAPP, March 2022)
Top 5 operational impacts of China’s PIPL — Part 4: Penalties and enforcement mechanisms
(IAPP, March 2022)
Top 5 operational impacts of China’s PIPL: Part 3 — Personal information protection officer
(IAPP, February 2022)
Top-5 operational impacts of China’s PIPL: Part 2 — Obligations and rights
(IAPP, February 2022)
Top-5 operational impacts of China’s PIPL: Part 1 — Scope, key definitions and lawful handling of personal information
(IAPP, February 2022)
Demystifying Data Localization in China: A Practical Guide
(IAPP, February 2022)
China bans apps over PIPL, DSL violations
(IAPP, December 2021)
China publishes draft data security regulations
(IAPP, November 2021)
China’s central bank to crack down on fintech and protect privacy
(IAPP, November 2021)
Web Conference: China’s PIPL Law — How it Can Affect You and What You Need to do Now
(IAPP, October 2021)
China’s draft algorithm regulations: A first for consumer privacy
(IAPP, October 2021)
China’s key enforcement agencies and lessons learned from recent actions
(IAPP, August 2021)
Analyzing China’s PIPL and how it compares to the EU’s GDPR
(IAPP, August 2021)
LinkedIn Live: “Introducing China’s New Privacy Law: PIPL”
(IAPP, August 2021)
China adopts national privacy law
(IAPP, August 2021)
China rolls out guidance on IoT security standards
(IAPP, October 2021)
China clamps down on cryptocurrency transactions
(IAPP, September 2021)
Shanghai sets up data exchange to improve manufacturing efficiency
(IAPP, September 2021)
CAC unveils draft regulations on ‘algorithmic recommendations’
(IAPP, August 2021)
Draft PIPL submitted for deliberation
(IAPP, August 2021)
China signals clamp down on privacy, AI and big data through 2025
(IAPP, August 2021)
NPC to consider final passage of China’s PIPL
(IAPP, July 2021)
Shenzhen passes China’s first local data law
(IAPP, July 2021)
How a smart city challenge highlights China’s AI success
(IAPP, July 2021)
The future of data localization and cross-border transfer in China: a unified framework or a patchwork of requirements?
(IAPP, June 2021)
Inside China’s efforts to regulate tech companies’ data
(IAPP, June 2021)
China passes data security law
(IAPP, June 2021)
China, India could finalize privacy legislation by year’s end
(IAPP, April 2021)
Hangzhou court makes final ruling in China’s first facial recognition lawsuit
(IAPP, April 2021)
Privacy Updates in China and India: 2 Giants Legislating Data Protection
(IAPP, April 2021)
China’s central bank seeks to allay digital currency privacy concerns
(IAPP, March 2021)
Chinese government issues new data collection rules
(IAPP, March 2021)
China launches vaccine passport for domestic travelers
(IAPP, March 2021)
The road ahead for China’s draft privacy bill: What we can learn from public comments
(IAPP, January 2021)
China’s Civil Code now in effect
(IAPP, January 2021)
A look at the extraterritorial applicability of China’s newly issued PIPL: A comparison to the EU’s GDPR
(IAPP, November 2020)
A look at China’s draft of Personal Data Protection Law
(IAPP, October 2020)
China rolls out global data security plan
(IAPP, September 2020)
Leak exposes Chinese minority surveillance
(IAPP, August 2020)
Beijing Internet Court rules against social media sites in user data cases
(IAPP, August 2020)
Federal case against TikTok claims children’s data sent to China
(IAPP, August 2020)
Chinese Parliament considers privacy law as annual meeting begins
(IAPP, May 2020)
Chinese facial-recognition tech works past masks
(IAPP, March 2020)
Report: Software used during coronavirus outbreak shares personal data with police
(IAPP, March 2020)
Coronavirus ramps up Chinese data collection
(IAPP, February 2020)
China likely to regulate apps more stringently in 2020
(IAPP, February 2020)
Chinese regulators issue rules to prevent illegal collection and use of app users’ data
(IAPP, January 2020)
China uses DNA to create human facial images
(IAPP, December 2019)
China has released its version of COPPA
(IAPP, October 2019)
Web Conference: Changing Needs, Changing Laws: The Origin and Impact of China’s PIPL
(IAPP, August 2019)
View More Resources

PIPL Law and Resources

On August 20, 2021, the top legislative body in the People’s Republic of China, the Standing Committee of the National People’s Congress, passed the Personal Information Protection Law. The law went into effect Nov. 1, 2021. This English translation of the law is published by the Stanford DigiChina Cyber Policy Center.

China adopts national privacy law

The top legislative body in the People's Republic of China voted Friday to adopt a new national privacy law. The Standing Committee of the National People's Congress passed the Personal Information Protection Law at a meeting in Beijing, according to the nation's state-operated Xinhua News Agency. The sweeping law will take effect Nov. 1. With the move, the PRC joins three of the world's top four economies with an omnibus privacy law, leaving the U.S. as the only nation in the top four without ... Read More